unwanted presence

Hi everyone,

I recently discovered an unwanted presence on my network—another server I was running got compromised, and the intruder managed to access my Unraid server. I noticed them browsing through some folders before I was able to shut things down.

I've since deleted the breached server, but I'm concerned about the integrity of my Unraid system. I’ve checked the logs and didn’t notice anything unusual or persistent after a reboot, but I’d really appreciate it if someone with more experience could take a look and let me know if anything suspicious stands out.

Logs are attached. Thanks in advance for your help!

beanserver-diagnostics-20250425-0833.zip

  • Community Expert

Just check there is nothing in the ‘extras’ folder on the flash drive that could be auto-loaded on a reboot. The core Unraid OS should be fine, as a fresh copy is loaded into RAM from the archives on the flash drive on every boot, which is one of the plus points for Unraid.

Data could be compromised if the infected client changed anything, but this would not show up in the diagnostics. The same would apply to any Docker containers.

  • Community Expert

I looked through your Shares settings. You have one SMB share set as 'Secure', which means that anyone could read (copy) data from those shares. The rest of the SMB shares are either 'Private' or not exported. However, you have several NFS shares exported as 'Public', which means that the intruder had full access to them.

You also have to consider whether you had links set up between the compromised server and your Unraid server.

You should be asking yourself, "What did they do (or try to do) on the compromised server?" Then look for that type of activity on your Unraid server.

Did you have the Flash Drive shared via SMB or NFS? If you did, you should definitely change all passwords for all users.

Have you figured out how they gained access to the compromised server? You also need to address that problem.

Edited by Frank1940
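
One way to run the share check described in the reply above across every share at once, as an added example that is not part of the original thread. The config key names and the `key="value"` file layout are assumptions about the per-share config files, and `make_sample` writes constructed data for a dry run.

```bash
#!/bin/bash
# Added example (not from the thread): list shares readable or writable by
# anyone on the network, from a directory of per-share .cfg files.
# Assumed format: key="value" lines with shareExport/shareSecurity (SMB) and
# shareExportNFS/shareSecurityNFS (NFS); "-" or empty export = not exported.

# cfg_get FILE KEY -> value with quotes and CR removed (empty if key absent)
cfg_get() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*\$/\1/p" "$1" | tr -d '\r' | head -n 1
}

# exported VALUE -> success when the export field marks the share as exported
exported() { [ -n "$1" ] && [ "$1" != "-" ]; }

# audit_shares DIR -> prints "<share> <protocol> <security>" per open export
audit_shares() {
    local f name sec
    for f in "$1"/*.cfg; do
        [ -f "$f" ] || continue
        name=$(basename "$f" .cfg)
        if exported "$(cfg_get "$f" shareExport)"; then
            sec=$(cfg_get "$f" shareSecurity)
            # Per the reply above: 'secure' still lets anyone read the data.
            case $sec in public|secure) echo "$name SMB $sec" ;; esac
        fi
        if exported "$(cfg_get "$f" shareExportNFS)"; then
            sec=$(cfg_get "$f" shareSecurityNFS)
            case $sec in public) echo "$name NFS $sec" ;; esac
        fi
    done
}

# make_sample DIR -> writes three constructed share files for a dry run
make_sample() {
    printf 'shareExport="e"\nshareSecurity="secure"\nshareExportNFS="-"\nshareSecurityNFS="public"\n' > "$1/media.cfg"
    printf 'shareExport="-"\r\nshareSecurity="public"\r\nshareExportNFS="e"\r\nshareSecurityNFS="public"\r\n' > "$1/backups.cfg"
    printf 'shareExport="e"\nshareSecurity="private"\nshareExportNFS="-"\nshareSecurityNFS="private"\n' > "$1/docs.cfg"
}

# Usage: ./audit_shares.sh /path/to/shares
if [ $# -gt 0 ]; then audit_shares "$1"; fi
```

A share appears in the output only when it is actually exported, so a leftover 'public' security value on a non-exported share is not reported.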

  • 3 weeks later...
  • Author

Thank you all for the replies—I really appreciate it. I ended up just doing a reinstall and checking over my shares. Thanks again for the help; everything's back up and running now, and it all seems to be working well!
